The hype around blockchain technology and its possibilities tempts us to jump headlong onto the blockchain bandwagon. As entrepreneurs, businesses and professional advisors, we need to pause and assess. Using blockchain technology does not absolve us from complying with the law. In particular, any use of personal data on or with a blockchain must comply with the GDPR. Protection of personal data is particularly pertinent when designing or using blockchain technology and must be considered at the early planning stages of any blockchain project.
The EU Blockchain Observatory and Forum’s recent report, Blockchain and the GDPR, recommends that businesses and entrepreneurs consider a number of issues before implementing a blockchain solution including:
- asking the question: is blockchain technology is really needed?;
- avoiding using blockchain technology or the blockchain for personal data;
- understanding that even personal data collected and stored in compliance with GDPR must continue to comply with GDPR when linked or connected to one or more blockchains; and
- ensuring that all parties are clearly informed on the use and processing of their personal data, if any.
GDPR compliance should be built into blockchain solutions so that compliance is by design. Where technology and regulation meet, innovation often follows. Indeed, innovation will be needed. The very desirability of blockchain's immutability (unchanging nature) may give rise to some challenging regulatory complications. These could include reconciling blockchain's immutability with the need to correct incorrectly recorded personal data. Similarly, blockchain's immutability may be at odds with an individual's right to be forgotten, that is, to have their personal data erased.
These regulatory challenges are an opportunity for the development of new blockchain solutions. Such solutions may even be patentable.
The European Patent Office held the EPO Patenting Blockchain Conference on 4 December 2018, which will provide further guidance on the patentability of blockchain and its applications. Watch this blog for our thoughts on that shortly.
These are indeed exciting times. There is a real opportunity for entrepreneurs and businesses to develop and/or implement new and improved blockchain applications to ensure that personal data is processed efficiently and in compliance with all regulatory requirements.
MEPs call for business GDPR 'guarantee' on using blockchain Businesses should not begin using blockchain technology to process personal data until they can guarantee compliance with EU data protection laws, a Committee of MEPs has said.